You unfortunately can’t teach something like this to someone who doesn’t even understand the consequences of it. Or care.

You can absolutely explain it and teach it and make people care. It’s just not easy. I’ve only ever encountered uninformed “I have nothing to hide”-responses to equally lackluster throwaway explanations . It’s a very difficult and abstract topic, it doesn’t come naturally! Don’t treat privacy concerns as equivalent to pointing out dirt on someone’s clothes, treat it like calculus. Successfully conveying it requires time, conversation and didactics.

Blacklist everything then whitelist the IPs you know you’ll be connecting from (work, cell phone, etc). I don’t connect from random places usually. If I need to then I use cellular. You might be better off with a VPN if you need to connect from random places.

I see, thanks!
Is there any concern with whitelisting a cellular CGNAT’s public IP? Presumably that would potentially whitelist thousands or tens of thousands of other mobile devices at once, wouldn’t it?

IP whitelisting

How do you do that? I understand how blocklisting would work but how does whitelisting work in practice? How can you know in advance from which IPs you will connect to your home network in the future? That just seems like a recipe for getting stranded in some hotel without a way into your network.